优秀的编程知识分享平台

网站首页 > 技术文章 正文

使用容器部署ElasticSearch8.2.3生产集群环境

nanyue 2024-08-09 07:13:01 技术文章 9 ℃

1.OS环境(Docker安装请参考docker官网,此处略过)

IP

OS

Hostname

Storage

Role

OS User

192.168.1.101

Centos

ps01

/bigdata 500G

Master

bigdata

192.168.1.102

Centos

ps02

/bigdata 500G

Master

bigdata

192.168.1.103

Centos

ps03

/bigdata 500G

Master

bigdata

2.环境准备,使用root

  • 目录准备
#root 用户
mkdir -p /bigdata/data/es/{data,logs,plugins}
chown -R bigdata:bigdata /bigdata
chmod -R 777 /bigdata
  • 先决条件,各节点使用 root 配置
cat >> /etc/security/limits.conf <<EOF
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
EOF
echo "vm.max_map_count = 655360" >>/etc/sysctl.conf
sysctl -p

3.Docker部署ElasticSearch8.2.3 ,使用bigdata

  • IK分词器安装

下载相应版本的IK分词器 elasticsearch-analysis-ik-8.2.3.zip ,解压到 任意命名的文件夹,如 ik

#使用bigdata用户登录 ps01,在ps01操作,ik上传到 ps01 /bigdata/data/es/plugins
# ik分发到 ps02、ps03 的/bigdata/data/es/plugins
cd /bigdata/data/es/plugins
scp -r ik ps02:/bigdata/data/es/plugins/
scp -r ik ps03:/bigdata/data/es/plugins/
  • 镜像拉取,拉取错误可以多试几次,往往是网络原因
#所有节点都需要elasticsearch:8.2.3
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.2.3
#在ps01执行
docker pull docker.elastic.co/kibana/kibana:8.2.3
  • 初始化第一个主节点 **重点***
#初始化第一个主节点
docker run \\
-it \\
--name es-node1 \\
--restart=always \\
-p 9200:9200 \\
-p 9300:9300 \\
-e "cluster.name=es-ps" \\
-e "node.name=es-node1" \\
-e "network.host=0.0.0.0" \\
-e "network.publish_host=192.168.1.101" \\
-e "http.cors.enabled=true" \\
-e 'http.cors.allow-origin="*"' \\
-e "http.cors.allow-credentials=true" \\
-e "http.cors.allow-methods=OPTIONS,HEAD,GET,POST,PUT,DELETE" \\
-e "http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization,Access-Control-Allow-Headers,Accept,x-elastic-client-meta" \\
-e "ES_JAVA_OPTS=-Xms18g -Xmx18g" \\
-v /bigdata/data/es/plugins:/usr/share/elasticsearch/plugins \\
-v /bigdata/data/es/logs:/usr/share/elasticsearch/logs \\
-v /bigdata/data/es/data:/usr/share/elasticsearch/data \\
docker.elastic.co/elasticsearch/elasticsearch:8.2.3
  • 生成的密码token,注意观察控制台输出
------------------------------------------------------------------------------------------------------------------------------------------------------------
-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.

->  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
 qqqq*Go6imK=QKQQQQQ

->  HTTP CA certificate SHA-256 fingerprint:
  46f56cd72b1a486e5a25d5ad61f9df27fe3c5986d6f05dc9e12b9bd93279b279

->  Configure Kibana to use this cluster:
* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  qqJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxNzIuMTkuMS43Njo5MjAwIl0sImZnciI6IjQ2ZjU2Y2Q3MmIxYTQ4NmU1YTI1ZDVhZDYxZjlkZjI3ZmUzYzU5ODZkNmYwNWRjOWUxMmI5YmQ5MzI3OWIyNzkiLCJrZXkiOiJ1VGtSaUlNQkVnUE9xRnZwcFVnYTo0YmVmZkd3VFJMZVF6LVg4ZXFyeGp3In0=

-> Configure other nodes to join this cluster:
* Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
  qqJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxNzIuMTkuMS43Njo5MjAwIl0sImZnciI6IjQ2ZjU2Y2Q3MmIxYTQ4NmU1YTI1ZDVhZDYxZjlkZjI3ZmUzYzU5ODZkNmYwNWRjOWUxMmI5YmQ5MzI3OWIyNzkiLCJrZXkiOiJ1emtSaUlNQkVnUE9xRnZwcFVnaTpqOF9ERXZLWVFFQ01lTlpmX0N5cTZnIn0=

  If you're running in Docker, copy the enrollment token and run:
  `docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.2.3`
------------------------------------------------------------------------------------------------------------------------------------------------------------
  • 上述token有效期30分钟,重新生成token执行如下脚本
docker exec -it es-node1 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
docker exec -it es-node1 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
  • 安装kibana
docker run \\
-d \\
--name kibana \\
--restart=always \\
-p 5601:5601 \\
-e "I18N_LOCALE=zh-CN" \\
-e 'server.publicBaseUrl="<http://192.168.1.101:5601>"' \\
docker.elastic.co/kibana/kibana:8.2.3
  • 在控制台输入以下命令,顺利拿到kibana的验证码,初次登录kibana时使用
docker exec -it kibana bin/kibana-verification-code
  • 如果需要可以从容器中拷贝证书
docker cp es-node1:/usr/share/elasticsearch/config/certs/http_ca.crt .
  • 加入第2、3个节点 ***重点***
#在ps01,192.168.1.101,执行得到 token
docker exec -it es-node1 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

#ps02执行,192.168.1.102
docker run \\
-idt \\
--name es-node2 \\
--restart=always \\
-p 9200:9200 \\
-p 9300:9300 \\
-e "cluster.name=es-ps" \\
-e "node.name=es-node2" \\
-e "network.host=0.0.0.0" \\
-e "network.publish_host=192.168.1.102" \\
-e "http.cors.enabled=true" \\
-e 'http.cors.allow-origin="*"' \\
-e "http.cors.allow-credentials=true" \\
-e "http.cors.allow-methods=OPTIONS,HEAD,GET,POST,PUT,DELETE" \\
-e "http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization,Access-Control-Allow-Headers,Accept,x-elastic-client-meta" \\
-e "ES_JAVA_OPTS=-Xms18g -Xmx18g" \\
-e "ENROLLMENT_TOKEN=eyJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxNzIuMTkuMS43Njo5MjAwIl0sImZnciI6IjQ2ZjU2Y2Q3MmIxYTQ4NmU1YTI1ZDVhZDYxZjlkZjI3ZmUzYzU5ODZkNmYwNWRjOWUxMmI5YmQ5MzI3OWIyNzkiLCJrZXkiOiJmUEpQaUlNQnlXNkVMRFBmWmIyVjpxTFZYUmZYY1JZNmV5RzEyVUwtbVF3In0=" \\
-v /bigdata/data/es/plugins:/usr/share/elasticsearch/plugins \\
-v /bigdata/data/es/logs:/usr/share/elasticsearch/logs \\
-v /bigdata/data/es/data:/usr/share/elasticsearch/data \\
docker.elastic.co/elasticsearch/elasticsearch:8.2.3

#ps03执行,192.168.1.103
docker run \\
-idt \\
--name es-node3 \\
--restart=always \\
-p 9200:9200 \\
-p 9300:9300 \\
-e "cluster.name=es-ps" \\
-e "node.name=es-node3" \\
-e "network.host=0.0.0.0" \\
-e "network.publish_host=192.168.1.103" \\
-e "http.cors.enabled=true" \\
-e 'http.cors.allow-origin="*"' \\
-e "http.cors.allow-credentials=true" \\
-e "http.cors.allow-methods=OPTIONS,HEAD,GET,POST,PUT,DELETE" \\
-e "http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization,Access-Control-Allow-Headers,Accept,x-elastic-client-meta" \\
-e "ES_JAVA_OPTS=-Xms18g -Xmx18g" \\
-e "ENROLLMENT_TOKEN=eyJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxNzIuMTkuMS43Njo5MjAwIl0sImZnciI6IjQ2ZjU2Y2Q3MmIxYTQ4NmU1YTI1ZDVhZDYxZjlkZjI3ZmUzYzU5ODZkNmYwNWRjOWUxMmI5YmQ5MzI3OWIyNzkiLCJrZXkiOiJmUEpQaUlNQnlXNkVMRFBmWmIyVjpxTFZYUmZYY1JZNmV5RzEyVUwtbVF3In0=" \\
-v /bigdata/data/es/plugins:/usr/share/elasticsearch/plugins \\
-v /bigdata/data/es/logs:/usr/share/elasticsearch/logs \\
-v /bigdata/data/es/data:/usr/share/elasticsearch/data \\
docker.elastic.co/elasticsearch/elasticsearch:8.2.3
  • 重启节点前修改容器的配置文件,把"ENROLLMENT_TOKEN=”这部分内容 删除**
#使用root用户
#1.***先停止docker 服务
systemctl stop docker

#2.修改配置文件,配置文件路径为/var/lib/docker/containers/容器ID,对应的配置文件为hostconfig.json或config.v2.json, 删除掉 **"ENROLLMENT_TOKEN=*****"**
vi config.v2.json

#3.启动docker: 
systemctl start docker

#4.如果需要,启动容器(默认启动docker服务,容器自动启动)
#***注意,重启docker服务很重要,否则修改完的配置文件,重启容器后会被还原

Tags:

猜你喜欢

最近发表
标签列表